UPDATED 22:09 EDT / MAY 24 2021

SECURITY

FBI issues flash alert on Conti ransomware attacks targeting healthcare providers

The U.S. Federal Bureau of Investigation has issued a flash alert warning that Contri ransomware attacks are continuing to impact healthcare providers and others.

The alert, issued on May 20, claims that there have now been 16 Conti ransomware attacks targeting healthcare and first responder networks, including law enforcement agencies, emergency medical services, 911 dispatch centers and municipalities in the last year. The cases are among more than 400 organizations worldwide targeted by Conti, including 290 located in the U.S.

“Like most ransomware variants, Conti typically steals victim’s files and encrypts the servers and workstations in an effort to force a ransom payment from the victim,” the FBI said. “If the ransom is not paid, the stolen data is sold or published to a public site controlled by the Conti actors.

The FBI notes that recent ransomware demands have been as high as $25 million.

One recent Conti ransomware attack targeted Ireland’s health service, with some stolen patient data shared online. Previous Conti victims include industrial computer manufacturer Advantech Co. Ltd. in November, VOIP hardware and software maker Sangoma Technologies Corp. in December and hospitals in Florida and Texas in February.

“Ransomware groups, like the Conti actors, are going to keep popping up and continue to gain sophistication with every organization that pays,” Joseph Neumann, cyber executive advisor at cybersecurity advisory services Coalfire Systems Inc., told SiiconANGLE. “Hitting first responders and hospitals are good targets due to the pressing need to get back into service after an attack.”

Even if these organizations have a solid plan to get back to normal, it might be slower than paying the ransomware, Neumann added. “As seen from the Colonial pipeline incident, that is still affecting gas prices and demand, restoration of service is slow even when the ransom is paid,” he said.

Bob Rudis, chief data scientist at cybersecurity and compliance solutions provider Rapid7 Inc., noted that this alert isn’t particularly shocking, since healthcare providers have long been a very common target for ransomware attackers.

“Healthcare organizations offer a perfect storm of circumstance that makes them very juicy targets,” Rudis said. “They notoriously struggle to patch systems that are being used around the clock and struggle to justify investment in cybersecurity over investment more directly linked to providing care, while the chaos and time-sensitivity of clinical environments make identity and access management more challenging.”

Photo: J/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

We are holding our third cloud startup showcase on Sept. 22. Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.